Shostack + Friends Blog

 
 
 
An exhausted young man

Training - October

Are you tired of escalations and fights after pen tests find crucial security issues at the last minute? I have upcoming threat modeling training that can help!

 
 
quote from article cited in the post

The COVID testbed and AI

The pandemic gives us a chance to evaluate AI tools...you'll be shocked to discover how they did.

 
 
screenshot from NIST website referencing Executive Order 14028

Threat Model Thursday: NIST’s Code Verification Standard

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future.

 
 
 
5G architecture map

Threat Model Thursday: 5G Infrastructure

The US Government's lead cybersecurity agencies have released an interesting report, and I wanted to use this for a Threat Model Thursday, where we take a respectful look at threat modeling work products to see what we can learn.